Ubiquiti employee jailed for staging ransomware attack on own company
Nickolas Sharp, 37, has been sentenced to six years in prison.
Sharp pleaded guilty before a federal court in New York and admitted extorting his former employer Ubiquiti of nearly $2 million as well as subsequent actions that led the company to lose much more.
In December 2020, Sharp downloaded gigabytes of sensitive data from Ubiquiti for a job interview with another employer. To conceal his activities, he doctored the log retention policies, damaging them in the process. ‘Sharp modified session file names to attempt to make it appear as if other coworkers were responsible for his malicious sessions,’ the FBI stated.
In 2021. Sharp posed as an anonymous hacker and sent a ransom note to Ubiquiti demanding 50BTC (around $1.9 million) for returning stolen data and pointing out the vulnerability in the system. All the while, Sharp himself was pretending to fix the glitch he’d created and presumably may have even directly or indirectly ‘liaised’ with his alter ego during the ransom negotiations.
US Department of Justice (DoJ) stated that when the FBI started investigating him, Sharp started to publish misleading news articles identifying himself as an anonymous whistle-blower about the company’s handling of the breach. The FBI implied that this resulted in the company losing around $4 billion from its market capitalisation as its share prices went down on the New York Stock Exchange.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.